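/**
 * Attempt a "remember me" login from a long-term authentication token.
 *
 * On success the session ID is regenerated, the user ID is stored in
 * $_SESSION[$uid_idx], and the long-term token is rotated: the rotated
 * token is encrypted with the 'cookie.encrypt_key' keyring entry and
 * written back to the $token_idx cookie.
 *
 * On a LongTermAuthAlert the long-term cookie is cleared and the event is
 * logged at CRITICAL level.
 *
 * @param string $token     Long-term authentication token presented by the client
 * @param string $uid_idx   $_SESSION key that receives the authenticated user ID
 * @param string $token_idx Name of the cookie that carries the long-term token
 * @return bool True only if the user was logged in and the token was rotated
 * @throws LongTermAuthAlert Re-thrown only when $state->universal['debug'] is truthy
 */
protected function doAutoLogin(string $token, string $uid_idx, string $token_idx) : bool
{
    if (!($this->airship_auth instanceof Authentication)) {
        $this->tightenSecurityBolt();
    }
    $state = State::instance();
    try {
        $userId = $this->airship_auth->loginByToken($token);
        if (!$this->verifySessionCanary($userId, false)) {
            return false;
        }

        // Issue a fresh session ID before the session is marked as
        // authenticated, so a pre-login session ID is not carried over.
        Session::regenerate(true);
        $_SESSION[$uid_idx] = $userId;

        $autoPilot = Gears::getName('AutoPilot');
        if (IDE_HACKS) {
            // We're using getName(), this is just to fool IDEs.
            $autoPilot = new AutoPilot();
        }
        $httpsOnly = (bool) $autoPilot::isHTTPSConnection();

        // Rotate while the presented token is still intact. It used to be
        // wiped right after loginByToken(), so rotateToken() was handed an
        // already-erased value.
        // NOTE(review): presumably rotateToken() uses the old token to find
        // and revoke its stored record -- confirm; if so, the old token
        // stayed valid after every auto-login.
        $rotatedToken = $this->airship_auth->rotateToken($token, $userId);

        // NOTE(review): the argument order presumably mirrors PHP's
        // setcookie() (path, domain, secure, httponly) -- confirm against
        // Cookie::setcookie().
        Cookie::setcookie(
            $token_idx,
            Symmetric::encrypt($rotatedToken, $state->keyring['cookie.encrypt_key']),
            \time() + ($state->universal['long-term-auth-expire'] ?? self::DEFAULT_LONGTERMAUTH_EXPIRE),
            '/',
            '',
            $httpsOnly,
            true
        );
        return true;
    } catch (LongTermAuthAlert $e) {
        // Wipe the long-term authentication cookie. $httpsOnly is unset if
        // the alert was raised before it was computed, hence the fallback.
        Cookie::setcookie($token_idx, null, 0, '/', '', $httpsOnly ?? false, true);

        // Log the incident. The guard must test for a log() *method*; the
        // previous property_exists() check did not establish that
        // $this->log() is callable.
        $context = ['exception' => \Airship\throwableToArray($e)];
        if (\method_exists($this, 'log')) {
            $this->log($e->getMessage(), LogLevel::CRITICAL, $context);
        } else {
            $state->logger->log(LogLevel::CRITICAL, $e->getMessage(), $context);
        }

        // In debug mode, re-throw the exception:
        if ($state->universal['debug']) {
            throw $e;
        }
    } finally {
        // Erase the presented token on every exit path (success, canary
        // failure, alert), but only once nothing else needs to read it.
        if (\is_string($token)) {
            \Sodium\memzero($token);
        }
    }
    return false;
}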